brew/Library/Homebrew/api.rb

# typed: true
# frozen_string_literal: true

require "api/analytics"
require "api/cask"
require "api/formula"
require "extend/cachable"

module Homebrew
  # Helper functions for using Homebrew's formulae.brew.sh API.
  #
  # @api private
  module API
    extend Cachable

    HOMEBREW_CACHE_API = (HOMEBREW_CACHE/"api").freeze
    HOMEBREW_CACHE_API_SOURCE = (HOMEBREW_CACHE/"api-source").freeze

    sig { params(endpoint: String).returns(Hash) }
    def self.fetch(endpoint)
      return cache[endpoint] if cache.present? && cache.key?(endpoint)

      api_url = "#{Homebrew::EnvConfig.api_domain}/#{endpoint}"
      output = Utils::Curl.curl_output("--fail", api_url)
      if !output.success? && Homebrew::EnvConfig.api_domain != HOMEBREW_API_DEFAULT_DOMAIN
        # Fall back to the default API domain and try again
        api_url = "#{HOMEBREW_API_DEFAULT_DOMAIN}/#{endpoint}"
        output = Utils::Curl.curl_output("--fail", api_url)
      end
      raise ArgumentError, "No file found at #{Tty.underline}#{api_url}#{Tty.reset}" unless output.success?

      cache[endpoint] = JSON.parse(output.stdout)
    rescue JSON::ParserError
      raise ArgumentError, "Invalid JSON file: #{Tty.underline}#{api_url}#{Tty.reset}"
    end

    sig { params(endpoint: String, target: Pathname).returns([T.any(Array, Hash), T::Boolean]) }
    def self.fetch_json_api_file(endpoint, target:)
      retry_count = 0
      url = "#{Homebrew::EnvConfig.api_domain}/#{endpoint}"
      default_url = "#{HOMEBREW_API_DEFAULT_DOMAIN}/#{endpoint}"

      if Homebrew.running_as_root_but_not_owned_by_root? &&
         (!target.exist? || target.empty?)
        odie "Need to download #{url} but cannot as root! Run `brew update` without `sudo` first then try again."
      end

      # TODO: consider using more of Utils::Curl
      curl_args = %W[
        --compressed
        --speed-limit #{ENV.fetch("HOMEBREW_CURL_SPEED_LIMIT")}
        --speed-time #{ENV.fetch("HOMEBREW_CURL_SPEED_TIME")}
      ]
      curl_args << "--progress-bar" unless Context.current.verbose?
      curl_args << "--verbose" if Homebrew::EnvConfig.curl_verbose?
      curl_args << "--silent" if !$stdout.tty? || Context.current.quiet?

      skip_download = target.exist? &&
                      !target.empty? &&
                      (!Homebrew.auto_update_command? ||
                        Homebrew::EnvConfig.no_auto_update? ||
                      ((Time.now - Homebrew::EnvConfig.api_auto_update_secs.to_i) < target.mtime))
      skip_download ||= Homebrew.running_as_root_but_not_owned_by_root?

      json_data = begin
        begin
          args = curl_args.dup
          args.prepend("--time-cond", target.to_s) if target.exist? && !target.empty?
          unless skip_download
            ohai "Downloading #{url}" if $stdout.tty? && !Context.current.quiet?
            # Disable retries here, we handle them ourselves below.
            Utils::Curl.curl_download(*args, url, to: target, retries: 0, show_error: false)
          end
        rescue ErrorDuringExecution
          if url == default_url
            raise unless target.exist?
            raise if target.empty?
          elsif retry_count.zero? || !target.exist? || target.empty?
            # Fall back to the default API domain and try again
            # This block will be executed only once, because we set `url` to `default_url`
            url = default_url
            target.unlink if target.exist? && target.empty?
            skip_download = false

            retry
          end

          opoo "#{target.basename}: update failed, falling back to cached version."
        end

        FileUtils.touch(target) unless skip_download
        JSON.parse(target.read)
      rescue JSON::ParserError
        target.unlink
        retry_count += 1
        skip_download = false
        odie "Cannot download non-corrupt #{url}!" if retry_count > Homebrew::EnvConfig.curl_retries.to_i

        retry
      end

      if endpoint.end_with?(".jws.json")
        success, data = verify_and_parse_jws(json_data)
        unless success
          target.unlink
          odie <<~EOS
            Failed to verify integrity (#{data}) of:
              #{url}
            Potential MITM attempt detected. Please run `brew update` and try again.
          EOS
        end
        [data, !skip_download]
      else
        [json_data, !skip_download]
      end
    end

    sig { params(json: Hash).returns(Hash) }
    def self.merge_variations(json)
      bottle_tag = ::Utils::Bottles::Tag.new(system: Homebrew::SimulateSystem.current_os,
                                             arch:   Homebrew::SimulateSystem.current_arch)

      if (variations = json["variations"].presence) &&
         (variation = variations[bottle_tag.to_s].presence)
        json = json.merge(variation)
      end

      json.except("variations")
    end

    sig { params(names: T::Array[String], type: String, regenerate: T::Boolean).returns(T::Boolean) }
    def self.write_names_file(names, type, regenerate:)
      names_path = HOMEBREW_CACHE_API/"#{type}_names.txt"
      if !names_path.exist? || regenerate
        names_path.write(names.join("\n"))
        return true
      end

      false
    end

    sig { params(json_data: Hash).returns([T::Boolean, T.any(String, Array, Hash)]) }
    private_class_method def self.verify_and_parse_jws(json_data)
      signatures = json_data["signatures"]
      homebrew_signature = signatures&.find { |sig| sig.dig("header", "kid") == "homebrew-1" }
      return false, "key not found" if homebrew_signature.nil?

      header = JSON.parse(Base64.urlsafe_decode64(homebrew_signature["protected"]))
      if header["alg"] != "PS512" || header["b64"] != false # NOTE: nil has a meaning of true
        return false, "invalid algorithm"
      end

      require "openssl"

      pubkey = OpenSSL::PKey::RSA.new((HOMEBREW_LIBRARY_PATH/"api/homebrew-1.pem").read)
      signing_input = "#{homebrew_signature["protected"]}.#{json_data["payload"]}"
      unless pubkey.verify_pss("SHA512",
                               Base64.urlsafe_decode64(homebrew_signature["signature"]),
                               signing_input,
                               salt_length: :digest,
                               mgf1_hash:   "SHA512")
        return false, "signature mismatch"
      end

      [true, JSON.parse(json_data["payload"])]
    end

    sig { params(path: Pathname).returns(T.nilable(Tap)) }
    def self.tap_from_source_download(path)
      source_relative_path = path.relative_path_from(Homebrew::API::HOMEBREW_CACHE_API_SOURCE)
      return if source_relative_path.to_s.start_with?("../")

      org, repo = source_relative_path.each_filename.first(2)
      return if org.blank? || repo.blank?

      Tap.fetch(org, repo)
    end
  end
end
Enabling typing in Homebrew::API module 2023-02-11 22:16:57 -08:00			`# typed: true`
Refactor API methods 2021-08-06 02:30:44 -04:00			`# frozen_string_literal: true`

			`require "api/analytics"`
			`require "api/cask"`
			`require "api/formula"`
Remove `json` argument and extend `Cachable` 2021-08-09 10:29:55 -04:00			`require "extend/cachable"`
Refactor API methods 2021-08-06 02:30:44 -04:00
			`module Homebrew`
			`# Helper functions for using Homebrew's formulae.brew.sh API.`
			`#`
			`# @api private`
			`module API`
Remove `json` argument and extend `Cachable` 2021-08-09 10:29:55 -04:00			`extend Cachable`

Support offline usage under HOMEBREW_INSTALL_FROM_API 2021-12-07 00:13:56 +00:00			`HOMEBREW_CACHE_API = (HOMEBREW_CACHE/"api").freeze`
Refactor formula, cask and Ruby source downloads to use shared code 2023-04-18 00:22:13 +01:00			`HOMEBREW_CACHE_API_SOURCE = (HOMEBREW_CACHE/"api-source").freeze`
api: warn rather than fail if we've got a cached version. Rather than failing every time we fail to update (breaking most usage while offline) instead only fail if we cannot obtain the JSON and we don't have a valid local file we can use. Also tweak the timeout and retry logic and values to make a bit more sense in this context and not be so noisy when offline. 2023-02-03 10:22:50 +00:00
Tweak cask-source API handling - Use raw.githubusercontent.com to download cask source rather than formulae.brew.sh. This allows us to remove these files - output the tap's current `HEAD` for both formulae and cask JSON - use this `HEAD` for the cask-source API to get the exact file on raw.githubusercontent.com rather than just whatever is newest (which is what the previous API did) - set the `Tap` correctly when creating a `Cask` from the API - if the `formula.json` file exists: print its modified time include `brew config` - memoize `tap.git_head` as we'll be calling it a lot in the same process with the same value 2023-01-26 17:36:40 +00:00			`sig { params(endpoint: String).returns(Hash) }`
Enabling typing in Homebrew::API module 2023-02-11 22:16:57 -08:00			`def self.fetch(endpoint)`
Remove `json` argument and extend `Cachable` 2021-08-09 10:29:55 -04:00			`return cache[endpoint] if cache.present? && cache.key?(endpoint)`
Refactor API methods 2021-08-06 02:30:44 -04:00
api: download from `HOMEBREW_API_DOMAIN` 2023-02-03 14:10:40 +00:00			`api_url = "#{Homebrew::EnvConfig.api_domain}/#{endpoint}"`
api: warn rather than fail if we've got a cached version. Rather than failing every time we fail to update (breaking most usage while offline) instead only fail if we cannot obtain the JSON and we don't have a valid local file we can use. Also tweak the timeout and retry logic and values to make a bit more sense in this context and not be so noisy when offline. 2023-02-03 10:22:50 +00:00			`output = Utils::Curl.curl_output("--fail", api_url)`
api: download from `HOMEBREW_API_DOMAIN` 2023-02-03 14:10:40 +00:00			`if !output.success? && Homebrew::EnvConfig.api_domain != HOMEBREW_API_DEFAULT_DOMAIN`
			`# Fall back to the default API domain and try again`
			`api_url = "#{HOMEBREW_API_DEFAULT_DOMAIN}/#{endpoint}"`
			`output = Utils::Curl.curl_output("--fail", api_url)`
			`end`
Refactor API methods 2021-08-06 02:30:44 -04:00			`raise ArgumentError, "No file found at #{Tty.underline}#{api_url}#{Tty.reset}" unless output.success?`

Tweak cask-source API handling - Use raw.githubusercontent.com to download cask source rather than formulae.brew.sh. This allows us to remove these files - output the tap's current `HEAD` for both formulae and cask JSON - use this `HEAD` for the cask-source API to get the exact file on raw.githubusercontent.com rather than just whatever is newest (which is what the previous API did) - set the `Tap` correctly when creating a `Cask` from the API - if the `formula.json` file exists: print its modified time include `brew config` - memoize `tap.git_head` as we'll be calling it a lot in the same process with the same value 2023-01-26 17:36:40 +00:00			`cache[endpoint] = JSON.parse(output.stdout)`
Refactor API methods 2021-08-06 02:30:44 -04:00			`rescue JSON::ParserError`
			`raise ArgumentError, "Invalid JSON file: #{Tty.underline}#{api_url}#{Tty.reset}"`
			`end`
Extract common JSON API fetch logic 2022-12-30 01:01:52 -05:00
Further improvements to API handling in shell 2023-02-16 21:49:03 +00:00			`sig { params(endpoint: String, target: Pathname).returns([T.any(Array, Hash), T::Boolean]) }`
Enabling typing in Homebrew::API module 2023-02-11 22:16:57 -08:00			`def self.fetch_json_api_file(endpoint, target:)`
Extract common JSON API fetch logic 2022-12-30 01:01:52 -05:00			`retry_count = 0`
api: download from `HOMEBREW_API_DOMAIN` 2023-02-03 14:10:40 +00:00			`url = "#{Homebrew::EnvConfig.api_domain}/#{endpoint}"`
			`default_url = "#{HOMEBREW_API_DEFAULT_DOMAIN}/#{endpoint}"`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00
api: don't download files as root when Homebrew's not owned by root. This was mentioned in a random comment. While we're here, make some helper functions to query this a bit more nicely elsewhere when we do it. 2023-02-23 10:04:50 +00:00			`if Homebrew.running_as_root_but_not_owned_by_root? &&`
			`(!target.exist? \|\| target.empty?)`
api: improve root messaging. Co-authored-by: Bo Anderson <mail@boanderson.me> 2023-02-23 12:48:18 +00:00			odie "Need to download #{url} but cannot as root! Run `brew update` without `sudo` first then try again."
api: don't download files as root when Homebrew's not owned by root. This was mentioned in a random comment. While we're here, make some helper functions to query this a bit more nicely elsewhere when we do it. 2023-02-23 10:04:50 +00:00			`end`

Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00			`# TODO: consider using more of Utils::Curl`
brew.sh: move shared curl speed limit settings here. This avoids duplication and potentially allows it to be used for various other `curl` calls. 2023-02-10 17:27:10 +00:00			`curl_args = %W[`
			`--compressed`
			`--speed-limit #{ENV.fetch("HOMEBREW_CURL_SPEED_LIMIT")}`
			`--speed-time #{ENV.fetch("HOMEBREW_CURL_SPEED_TIME")}`
			`]`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00			`curl_args << "--progress-bar" unless Context.current.verbose?`
			`curl_args << "--verbose" if Homebrew::EnvConfig.curl_verbose?`
api: respect --quiet 2023-02-20 23:23:42 -08:00			`curl_args << "--silent" if !$stdout.tty? \|\| Context.current.quiet?`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00
			`skip_download = target.exist? &&`
			`!target.empty? &&`
Auto-update from the API less often Instead of doing so literally whenever we query for a formula, Instead do so only when we're in an auto-updateable command. This better fits the existing behaviour while still updating when it's most important to do so. 2023-03-10 17:53:15 +00:00			`(!Homebrew.auto_update_command? \|\|`
			`Homebrew::EnvConfig.no_auto_update? \|\|`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00			`((Time.now - Homebrew::EnvConfig.api_auto_update_secs.to_i) < target.mtime))`
api: don't download files as root when Homebrew's not owned by root. This was mentioned in a random comment. While we're here, make some helper functions to query this a bit more nicely elsewhere when we do it. 2023-02-23 10:04:50 +00:00			`skip_download \|\|= Homebrew.running_as_root_but_not_owned_by_root?`
api: warn rather than fail if we've got a cached version. Rather than failing every time we fail to update (breaking most usage while offline) instead only fail if we cannot obtain the JSON and we don't have a valid local file we can use. Also tweak the timeout and retry logic and values to make a bit more sense in this context and not be so noisy when offline. 2023-02-03 10:22:50 +00:00
api: use signed endpoint 2023-02-19 00:54:45 +00:00			`json_data = begin`
api: improve exception handling. 2023-02-04 13:22:15 +01:00			`begin`
api: don't add --time-cond on retries 2023-02-09 18:26:37 +00:00			`args = curl_args.dup`
Enabling typing in Homebrew::API module 2023-02-11 22:16:57 -08:00			`args.prepend("--time-cond", target.to_s) if target.exist? && !target.empty?`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00			`unless skip_download`
api: respect --quiet 2023-02-20 23:23:42 -08:00			`ohai "Downloading #{url}" if $stdout.tty? && !Context.current.quiet?`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00			`# Disable retries here, we handle them ourselves below.`
			`Utils::Curl.curl_download(*args, url, to: target, retries: 0, show_error: false)`
			`end`
api: improve exception handling. 2023-02-04 13:22:15 +01:00			`rescue ErrorDuringExecution`
api: download from `HOMEBREW_API_DOMAIN` 2023-02-03 14:10:40 +00:00			`if url == default_url`
			`raise unless target.exist?`
			`raise if target.empty?`
			`elsif retry_count.zero? \|\| !target.exist? \|\| target.empty?`
			`# Fall back to the default API domain and try again`
			# This block will be executed only once, because we set `url` to `default_url`
			`url = default_url`
			`target.unlink if target.exist? && target.empty?`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00			`skip_download = false`
api: download from `HOMEBREW_API_DOMAIN` 2023-02-03 14:10:40 +00:00
			`retry`
			`end`
Extract common JSON API fetch logic 2022-12-30 01:01:52 -05:00
api: improve exception handling. 2023-02-04 13:22:15 +01:00			`opoo "#{target.basename}: update failed, falling back to cached version."`
			`end`
api: warn rather than fail if we've got a cached version. Rather than failing every time we fail to update (breaking most usage while offline) instead only fail if we cannot obtain the JSON and we don't have a valid local file we can use. Also tweak the timeout and retry logic and values to make a bit more sense in this context and not be so noisy when offline. 2023-02-03 10:22:50 +00:00
api: avoid unnecessary file write operation 2023-02-16 15:41:26 +00:00			`FileUtils.touch(target) unless skip_download`
api: use signed endpoint 2023-02-19 00:54:45 +00:00			`JSON.parse(target.read)`
Extract common JSON API fetch logic 2022-12-30 01:01:52 -05:00			`rescue JSON::ParserError`
			`target.unlink`
			`retry_count += 1`
Add HOMEBREW_API_AUTO_UPDATE_SECS This sets the default and allows customising how often we try to download files from the API. This does not affect `brew update` as we want to always check every time on an explicit call. 2023-02-10 19:15:31 +00:00			`skip_download = false`
api: warn rather than fail if we've got a cached version. Rather than failing every time we fail to update (breaking most usage while offline) instead only fail if we cannot obtain the JSON and we don't have a valid local file we can use. Also tweak the timeout and retry logic and values to make a bit more sense in this context and not be so noisy when offline. 2023-02-03 10:22:50 +00:00			`odie "Cannot download non-corrupt #{url}!" if retry_count > Homebrew::EnvConfig.curl_retries.to_i`
Extract common JSON API fetch logic 2022-12-30 01:01:52 -05:00
			`retry`
			`end`
api: use signed endpoint 2023-02-19 00:54:45 +00:00
			`if endpoint.end_with?(".jws.json")`
			`success, data = verify_and_parse_jws(json_data)`
			`unless success`
			`target.unlink`
			`odie <<~EOS`
			`Failed to verify integrity (#{data}) of:`
			`#{url}`
			Potential MITM attempt detected. Please run `brew update` and try again.
			`EOS`
			`end`
			`[data, !skip_download]`
			`else`
			`[json_data, !skip_download]`
			`end`
Extract common JSON API fetch logic 2022-12-30 01:01:52 -05:00			`end`
Tweak cask-source API handling - Use raw.githubusercontent.com to download cask source rather than formulae.brew.sh. This allows us to remove these files - output the tap's current `HEAD` for both formulae and cask JSON - use this `HEAD` for the cask-source API to get the exact file on raw.githubusercontent.com rather than just whatever is newest (which is what the previous API did) - set the `Tap` correctly when creating a `Cask` from the API - if the `formula.json` file exists: print its modified time include `brew config` - memoize `tap.git_head` as we'll be calling it a lot in the same process with the same value 2023-01-26 17:36:40 +00:00
Allow `brew info --json=v2` without taps with JSON API 2023-02-10 12:07:36 -05:00			`sig { params(json: Hash).returns(Hash) }`
Enabling typing in Homebrew::API module 2023-02-11 22:16:57 -08:00			`def self.merge_variations(json)`
api: fix `bottle_tag` identification 2023-03-02 23:29:09 -05:00			`bottle_tag = ::Utils::Bottles::Tag.new(system: Homebrew::SimulateSystem.current_os,`
			`arch: Homebrew::SimulateSystem.current_arch)`

			`if (variations = json["variations"].presence) &&`
api: fix `merge_variations` 2023-03-07 14:12:03 -05:00			`(variation = variations[bottle_tag.to_s].presence)`
Allow `brew info --json=v2` without taps with JSON API 2023-02-10 12:07:36 -05:00			`json = json.merge(variation)`
			`end`

			`json.except("variations")`
			`end`
Further improvements to API handling in shell 2023-02-16 21:49:03 +00:00
			`sig { params(names: T::Array[String], type: String, regenerate: T::Boolean).returns(T::Boolean) }`
			`def self.write_names_file(names, type, regenerate:)`
			`names_path = HOMEBREW_CACHE_API/"#{type}_names.txt"`
			`if !names_path.exist? \|\| regenerate`
			`names_path.write(names.join("\n"))`
			`return true`
			`end`

			`false`
			`end`
api: use signed endpoint 2023-02-19 00:54:45 +00:00
			`sig { params(json_data: Hash).returns([T::Boolean, T.any(String, Array, Hash)]) }`
			`private_class_method def self.verify_and_parse_jws(json_data)`
			`signatures = json_data["signatures"]`
			`homebrew_signature = signatures&.find { \|sig\| sig.dig("header", "kid") == "homebrew-1" }`
			`return false, "key not found" if homebrew_signature.nil?`

			`header = JSON.parse(Base64.urlsafe_decode64(homebrew_signature["protected"]))`
			`if header["alg"] != "PS512" \|\| header["b64"] != false # NOTE: nil has a meaning of true`
			`return false, "invalid algorithm"`
			`end`

			`require "openssl"`

			`pubkey = OpenSSL::PKey::RSA.new((HOMEBREW_LIBRARY_PATH/"api/homebrew-1.pem").read)`
			`signing_input = "#{homebrew_signature["protected"]}.#{json_data["payload"]}"`
			`unless pubkey.verify_pss("SHA512",`
			`Base64.urlsafe_decode64(homebrew_signature["signature"]),`
			`signing_input,`
			`salt_length: :digest,`
			`mgf1_hash: "SHA512")`
			`return false, "signature mismatch"`
			`end`

			`[true, JSON.parse(json_data["payload"])]`
			`end`
Refactor formula, cask and Ruby source downloads to use shared code 2023-04-18 00:22:13 +01:00
			`sig { params(path: Pathname).returns(T.nilable(Tap)) }`
			`def self.tap_from_source_download(path)`
			`source_relative_path = path.relative_path_from(Homebrew::API::HOMEBREW_CACHE_API_SOURCE)`
			`return if source_relative_path.to_s.start_with?("../")`

			`org, repo = source_relative_path.each_filename.first(2)`
			`return if org.blank? \|\| repo.blank?`

			`Tap.fetch(org, repo)`
			`end`
Refactor API methods 2021-08-06 02:30:44 -04:00			`end`
			`end`